IETF Logo Mail Archive

Re: [COSE] [cose-issues] Require publicly visible stable specifications for IANA registrations (#39)

Mike Jones <Michael.Jones@microsoft.com> Mon, 11 January 2016 20:35 UTC

Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 48E331A90FF for <cose@ietfa.amsl.com>; Mon, 11 Jan 2016 12:35:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.002
X-Spam-Level:
X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3Fpl70HTWAYO for <cose@ietfa.amsl.com>; Mon, 11 Jan 2016 12:35:55 -0800 (PST)
Received: from na01-bn1-obe.outbound.protection.outlook.com (mail-bn1bon0708.outbound.protection.outlook.com [IPv6:2a01:111:f400:fc10::1:708]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D9D521A8A78 for <cose@ietf.org>; Mon, 11 Jan 2016 12:35:54 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:To:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=efdx29Vx/ARt9X+zS6MOSIwJN5lm0IVH1ppOG3g6J48=; b=E4krX89mwMyMrATWr6+M/XusEBHAL4KObQoZ6wYGG5AGUMxB6ycFZigYBxc83LII5xS70oEsVwAXrkUvGjy4lADuPUI3TsNOaihkqgcts/upPv1/ma6Fmx23QnJkjUaM9/6DEOr5TPmWlRvk4lUeHGc2d4dlk+lLMRC8Cy9u/1M=
Received: from BY2PR03MB442.namprd03.prod.outlook.com (10.141.141.145) by BY2PR03MB441.namprd03.prod.outlook.com (10.141.141.142) with Microsoft SMTP Server (TLS) id 15.1.361.13; Mon, 11 Jan 2016 20:35:35 +0000
Received: from BY2PR03MB442.namprd03.prod.outlook.com ([10.141.141.145]) by BY2PR03MB442.namprd03.prod.outlook.com ([10.141.141.145]) with mapi id 15.01.0361.006; Mon, 11 Jan 2016 20:35:35 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Jim Schaad <ietf@augustcellars.com>
Thread-Topic: [cose-issues] Require publicly visible stable specifications for IANA registrations (#39)
Thread-Index: AQHRPFCAKn53T0H57U6o+cohh4mD05725P3g
Date: Mon, 11 Jan 2016 20:35:34 +0000
Message-ID: <BY2PR03MB44229F0120A1E2B920BD5DFF5C90@BY2PR03MB442.namprd03.prod.outlook.com>
References: <cose-wg/cose-issues/issues/39@github.com> <cose-wg/cose-issues/issues/39/162124923@github.com> <015801d13c50$1d1e24a0$575a6de0$@augustcellars.com>
In-Reply-To: <015801d13c50$1d1e24a0$575a6de0$@augustcellars.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Michael.Jones@microsoft.com;
x-originating-ip: [12.130.116.69]
x-microsoft-exchange-diagnostics: 1; BY2PR03MB441; 5:PBx4oisR4m047QcSSaBsX62NZhOeEXa7adSwDfvKIqEQaLPU07epsZdWgR1YEhn2PFSZ+cl9E5gYhKTbbMbn/rdVZspHzkpSU/cFTpx85TwFz9GYNYMaEFFQAazJGKNVvlxh1zA6yK9d4ZkimeAI+w==; 24:ex2WJU0owzcLZOa9vtpSpDAA8GDYnp7ch4ueeDX/O4tl9oI6o7SpldTeOxvX0TrsmO8nI7vIFjAExKWzAVo1dSvf8MVJgyAT32sRqDzX+xA=
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BY2PR03MB441;
x-ms-office365-filtering-correlation-id: 009bb920-22c0-478e-14d8-08d31ac6c213
x-microsoft-antispam-prvs: <BY2PR03MB4411F2FBE7773019B72CA40F5C90@BY2PR03MB441.namprd03.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:;
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(61425038)(601004)(2401047)(5005006)(520078)(8121501046)(3002001)(10201501046)(61426038)(61427038); SRVR:BY2PR03MB441; BCL:0; PCL:0; RULEID:; SRVR:BY2PR03MB441;
x-forefront-prvs: 0818724663
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(6009001)(189002)(13464003)(199003)(377454003)(5004730100002)(5001960100002)(5003600100002)(81156007)(101416001)(11100500001)(15395725005)(6116002)(189998001)(122556002)(10400500002)(2950100001)(50986999)(33656002)(19580395003)(86612001)(5005710100001)(97736004)(10290500002)(1220700001)(586003)(1096002)(2906002)(15975445007)(66066001)(106116001)(92566002)(3846002)(4326007)(8990500004)(5002640100001)(77096005)(74316001)(76576001)(76176999)(54356999)(2900100001)(40100003)(110136002)(86362001)(99286002)(105586002)(87936001)(106356001)(10090500001)(5008740100001)(19580405001)(102836003); DIR:OUT; SFP:1102; SCL:1; SRVR:BY2PR03MB441; H:BY2PR03MB442.namprd03.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en;
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:23
spamdiagnosticmetadata: NSPM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 11 Jan 2016 20:35:34.9999 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY2PR03MB441
Archived-At: <http://mailarchive.ietf.org/arch/msg/cose/okLF3q9KvRg-FmacxJlJKCytJJE>
Cc: "cose@ietf.org" <cose@ietf.org>
Subject: Re: [COSE] [cose-issues] Require publicly visible stable specifications for IANA registrations (#39)
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Jan 2016 20:35:58 -0000

I don't think that registering COSE values without making a specification publicly available so that the registered value can be understood and having private header parameter names in JOSE, which are not registered, are equivalent.  The difference is that in the current COSE methodology, it's possible to have registered values but no way for implementers to follow a link from the registry to understand what the meaning of the value is.  In JOSE, if it's registered, there's always a link from the registry to the definition.  That seems a lot more consistent and useful to me, hence my request for the change.

I'm fine with private values for private usages.  Just don't register them.  Registrations should all be specification-required.

				-- Mike

-----Original Message-----
From: Jim Schaad [mailto:ietf@augustcellars.com] 
Sent: Monday, December 21, 2015 4:32 PM
To: Mike Jones <Michael.Jones@microsoft.com>
Cc: cose@ietf.org
Subject: RE: [cose-issues] Require publicly visible stable specifications for IANA registrations (#39)

Mike,

I was wondering if you could address what might be seen as a change in your attitude to this over time.

The JOSE specifications allow for a privately defined header field to be created.

Something similar to the current COSE allocations is done in the JOSE documents by the following:


Registered Header Parameter Names in JOSE:  This corresponds to the general area of Specification Required assignment area of COSE documents.  I note that although a reference to a document is required, it implicitly but does not explicitly require that the document be publicly available. 

Public Header Parameter Names in JOSE: This correspond to the set of first-come, first serve assignment area of COSE documents.  JOSE deals with this by saying that it should be collision resistant by prefixing (or some other method) to make the name statistically unique.  For COSE it would not be possible to have any degree of uniqueness of the headers in the same way while still maintaining the desire to have very short identifiers.  There is a big difference in size between "http://example.org/COSE/foobar" and 0x100000 when doing the encodings in CBOR.

Private Header Parameter Names in JOSE:  This corresponds to the private registry assignment area of COSE documents.


It would appear from this that there is an implicit registry area for JOSE which allows for a section header parameters which does not have publicly available specifications when implicitly registered.  To wit, the Public Header Parameter Names.

I am not sure if this really represents a change in your opinions or if you have just not considered these as being equivalent.

Jim

v2.23.0 | Report a Bug | By Email